<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><meta http-equiv=Content-Type content="text/html; charset=iso-8859-1"><meta name=Generator content="Microsoft Word 15 (filtered medium)"><style><!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0cm;
margin-bottom:.0001pt;
font-size:11.0pt;
font-family:"Calibri",sans-serif;
mso-fareast-language:EN-US;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#0563C1;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:#954F72;
text-decoration:underline;}
span.EstiloDeEmail17
{mso-style-type:personal-compose;
font-family:"Calibri",sans-serif;}
.MsoChpDefault
{mso-style-type:export-only;
font-family:"Calibri",sans-serif;
mso-fareast-language:EN-US;}
@page WordSection1
{size:612.0pt 792.0pt;
margin:70.85pt 3.0cm 70.85pt 3.0cm;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body lang=PT-BR link="#0563C1" vlink="#954F72"><div class=WordSection1><p class=MsoNormal><span lang=EN-US>Sirs. I�m trying to make Stunnel work in both source and destination transparent proxy and after looking every possibility I started to track the packet that is locally generated (Stunnel client sending to stunnel server).<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>The packet goes out from process to raw table output chain. It deliveries to connect tracking that pass the packet to mangle output but it disappears before arriving in the nat table output chain.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Stunnel Packet destination 7.0.0.2:80(Original destination)------raw/output-----connectTrack------mangle/output-------XXXX disappear<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>With transparent destination off it works fine.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Stunnel Packet destination 9.0.0.2:443(Stunnel Server IP)------raw/output-----connectTrack------mangle/output-------nat/output----filter/output----interface<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US>The problem is probably regarding the tproxy/ip_transparent that stunnel use to control the connection and get the original src/dst to use.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>I tried 3 different distribution of linux with the same behavior.<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Does someone already use transparent=both� and give me a setup that worked link linux distribution/version, stunnel version and so on?<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Thanks,<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US>Luis Monteiro<o:p></o:p></span></p><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US><o:p> </o:p></span></p><p class=MsoNormal><span lang=EN-US> <o:p></o:p></span></p></div></body></html>